Short Bytes: ForAllSecure, the minds behind the Mayhem Hacker Robot who won the Pentagon’s Cyber Grand Challenger Contest, are working to make the software a bug fixer. They are aiming an autonomous system which would find vulnerabilities in the commercial devices like routers and automatically fix them.Every year, we see large botnets of compromised devices affecting the internet on a global scale. Although, as impossible it may sound, the future might have an army of robots dedicated to fixing vulnerabilities in devices like routers and IoT devices, often a soft target for hackers while building massive botnets to create high-intensity DDoS attacks.
Last year, a startup ForAllSecure’s Mayhem software won the DARPA’s $2 million Cyber Grand Challenge contest, where automated systems from different teams engaged in a hacking battle.
The ForAllSecure team behind the robot hacker Mayhem wants to deploy it in the real world fixing vulnerabilities and bugs in the software running on commercial hardware, like routers. Such devices are widely dependent on the firmware pushed by their vendor’s.
Hardware companies sacrifice a significant chunk of their money pie to provide security patches and fixes – created by humans – for their older products. An automated system in existence will bring a substantial ease for such companies.
“Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks—or never—until a patch is put out,” says David Brumley, the co-founder and the CEO of ForAllSecure. He is an associate professor at the Carnegie Mellon University.
“Imagine a world where the first time a hacker exploits a vulnerability he can only exploit one machine and then it’s patched,” Brumley adds.
ForAllSecure is trying to make Mayhem software a bug fixer. They are working with some companies, assisting them in fixing bugs in their products. However, the story may not be buttery smooth. Not all the devices makers would wholeheartedly welcome an autonomous bug fixing system for their hardware.
Security patches applied without human interference can put a question about quality assurance. Something bad may happen with the devices due to incompatible fixes. But it is still too early to make any assumptions. Brumley acknowledges this thing, but according to him, human involvement “slows down the process”.
What are your views on this? Drop your thoughts and feedback.